Cal Evans, a prominent member of the PHP community, has put together a new project sharing what he's called "Wisdom of the ElePHPant", a series of short thoughts by members of the PHP community touching on everything from the art of programming to helping out open source projects to working with code reviews.

All of these little nuggets of wisdom have been gathered and put into a small book, one per page. These books cannot be purchased but there are sources where you can find them and get a copy of your own (such as conferences, user groups or from various members of the PHP community). Fortunately, there was more than enough wisdom to go around and some of the submissions are also being shared on the site including current ones from Jeremy Kendall, Erika Heidi and Cal himself.

This is a great resource for some quick chunks of wisdom from developers who have seen (and overcome) a lot of the challenges developers experience every day. I highly suggest picking up a copy for yourself...if you can track one down. For more check out the project's main site, WisdomOfTheElePHPant.com.

Today both the Laracon.us and Laracon.eu conference sites have been launched. Both sharing the same style of branding and logo. The US conference will be held in Kentucky on August 11-12, and the EU in Amsterdam on August 25-26. Early bird pricing is available for both and the speaker lineup will be announced at a later time.

The Early Bird tickets for each even come in at just a bit over $300 USD and no schedules have been posted, but that's a great price for either of these two-day events. Each site also has links to subscribe to a mailing list related to the event so you can get the latest updates as they're released.

The Symfony framework blog has posted their end of year review for 2014 with happenings in both the Symfony framework and community.

2014 has been the busiest year in the entire history of the Symfony project website. First, we redesigned our website to bring in a more modern look and feel. Then, we added two new sections: Symfony Marketplace, which is the place where you can find all the products and services built around Symfony ecosystem and Symfony Jobs, which is the official job board to look for and post Symfony related job offers.

In addition, we boosted the official Symfony Blog with lots of new articles and a faster post publishing pace to provide you more contents.

They list out their "top ten" of most popular posts on the site including articles about performance, the v 3.0 roadmap and developer experience. They end the post with a reminder about another new part of the site coming soon - the Symfony Showcase showing off sites built with the framework.

As many probably noticed yesterday, the entire PHP.net domain (subdomains and all) were marked by the Google Safe Browsing service as potentially harmful. The issue has been discovered and resolved so things are back to normal, but the development group wanted to provide an update as to the current status.

We are continuing to work through the repercussions of the php.net malware issue described in a news post earlier today. As part of this, the php.net systems team have audited every server operated by php.net, and have found that two servers were compromised: the server which hosted the www.php.net, static.php.net and git.php.net domains, and was previously suspected based on the JavaScript malware, and the server hosting bugs.php.net. The method by which these servers were compromised is unknown at this time.

The post talks about some of the actions taken since the compromise and more details about what happened. It all revolved around a malicious Javascript file that was served to some visitors of the site. For more information as it becomes available, check back with the main PHP.net site or follow official_php on Twitter.

In a new post to his site Hannes Magnusson talks some about the current PHP documentation (and PHP.net site) formatting and how, while changes to it are quick, they should be instant. He suggests a path to get there and a new tool that could help.

Since 2008 there have been numerous efforts to create a new design for www.php.net, all of which have failed - so far. We've never come as close as two years ago, when the "beta mode" option was added to our website, but we never really got around to finish it. The "beta design" has even received a lot of makeover compared to what is "beta mode" now.
To make things a little bit more awesome, there is also a new branch called "responsive" which has a lot of changes in it too, especially for manual pages. Hopefully, one day, we'll actually finish one of these and flip the switch forever.

While he's been a fan of the DocBook structure that's currently in use, he points out that learning the markup can be a hinderance to people contributing. His tool, PhD, does some custom parsing too adding additional complexity. To help, he's working on a new tool (WTFM) to use Markdown formatting instead of DocBook, a more common format.

The Symfony website has always been in English as English is probably the lingua-franca for web developers. But as some sections of the website do not change that frequently (mainly the "What is Symfony?", "Get started", and "About" sections), and because not all developers are comfortable reading English websites, I'm very happy to announce that most of the static contents are now available in a public Git repository.

They've already had people contributing back to the documentation in their own languages including German, Slovak, Czech, Swedish and Polish. Some of them are still works in progress, but they're getting there.

According to this new post on DevShed, there have been several targeted attacks against U.S. bank websites (DDoS), some of which involved the compromise of PHP-based applications.

Once the hackers got into the PHP-based websites, they inserted toolkits to turn them into launch pads for their distributed denial-of-service attacks. Hackers then launched the attacks on banks by connecting directly to the compromised PHP-based websites and sending them commands, or took advantage of intermediate servers, proxies or scripts to make the websites do their bidding. InformationWeek lists three attack tools used by the hackers: KamiKaze, AMOS, and the "itsokaynoproblembro" toolkit, also known as Brobot.

Several major banks have been targeted including Bank of America, JP Morgan/Chase, HSBC and Well Fargo. The main problem was out-of-date software running on the site containing known security issues the attackers could exploit to install their own software.

If a hacker can break into a PHP-based website to use it as a staging area for an attack on a different website, they can also use that website to store stolen information. InformationWeek cited the example of the Eurograbber attack campaign, revealed earlier this month. The gang involved in that campaign stole $47 million from more than 30,000 corporate and private banking customers - and used PHP-based websites into which they hacked to store stolen information.

PHPMaster.com has a new tutorial posted sharing a few helpful hints about speeding up CakePHP-driven sites to help squeeze the most performance out of your site.

By applying a few simple modifications, and even some more complex enhancements, CakePHP can be sped up quite a bit. By the time you work your way through even half of these changes, the performance of your your CakePHP site will be comparable to many other popular PHP frameworks, with the advantage that your development speed will never falter!

There's several tips in their list - some a bit more difficult to accomplish than others, but worth the results:

The question, however, has always been "how useful is this feature really and does it bring more harm than good?". It's not that easy to answer since there are so many notes submitted by a wide range of users and some will likely go unnoticed while others seem to get undue attention due to their positioning near the top of the user-notes section of a particularly trafficked page.

The poster proposes a few things that could help make them a bit more effective (and useful overall) including voting on the note contents, flagging potential issues and sorting the notes based on popularity/age. He's put together a proof of concept as seen here with some of the new features.